I inserted me@myserver instead of the real prompt and hostname, and ab.c. instead of the real IP address.

So I wonder, what would insert this stuff (and what can I do to prevent it from reappearing), and is there a text file I can edit to remove it?

I tried various ways of doing sudo route -n del -host 192.168.31.2, but always come up with errors that suggest my syntax is wrong. The one I'm most interested in removing, and therefore presumably re-enabling, is 192.168.31.2,

Yes, I did set up the server myself, and have rebooted at least once since this started happening. If I recall it was worse before the reboot, then it seemed to not allow anyone online, now it blocks just one computer, or only a few. My first concern of course is fixing it, but there is a bigger long term question about security and reliability: Since both these seemingly false routes and entries in hosts.deny blocking some of the same addresses like 192.168.31.2 appeared at the same time, is it likely it was hacked? I took all sorts of precautions, like using ssh (never telnet), restricting webmin to only being administered by certain known IP addresses, etc. In fact I've checked the output of last, which shows nothing suspicious, and installed portsentry to guard against attempts at hacking, and I'm almost beginning to think it was one of my precautions that automatically blocked this stuff in an overzealous attempt to protect itself.

Again, thanks for the tips. The page you refer to has chkrootkit typed in as ckrootkit in several places!

Chkrootkit has shown false positives for the ports portsentry is guarding, like 1524, which correctly drops telnet connections. I wonder if testing the defenses by trying to connect to that triggered adding the computers I tried it from to the blocking list. Quite possible. Being hacked is unlikely, I just wondered how things got blocked, and one scenario that came to mind, (unlikely as it is) is that someone who has gained access is trying to block me from administering the server. But here is the output anyway:

chkrootkit:

sudo chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not infected
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not found
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... nothing found
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for OBSD rk v1... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/usr/sbin/dhcpd3[24353])
eth1: not promisc and no packet sniffer sockets
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted

I'll reboot without portsentry at the next opportunity, but it can't be done immediately, maybe tomorrow or the day after. I found a temporary workaround, to use one system which can still access the server to reassign a new 192.x.y.z IP address to the one being blocked.

I can post the contents of the files in question, but having glanced at them they do look harmless, like configurations for the various services like postfix set up automatically by webmin. But here's what they say:

mountnfs:

#! /bin/sh
# Mount network file systems now that at least one interface is
# configured.

#
# Read through fstab line by line. If it is NFS, set the flag
# for mounting NFS file systems. If any NFS partition is found and it
# not mounted with the nolock option, we start the portmapper.
#
portmap=no
while read device mountpt fstype options
do
case "$device" in
""|\#*)
continue
;;
esac

# If master is running, force a queue run to unload any mail that is
# hanging around. Yes, sendmail is a symlink...
if [ -n "$RUNNING" ]; then
if [ -x /usr/sbin/sendmail ]; then
/usr/sbin/sendmail -q >/dev/null 2>&1
fi
fi